DroidBot Disaster: Android Trojan Targets 77 Banks with Sneaky Malware-as-a-Service Model

DroidBot is not your average Android remote access trojan. With a monthly fee of $3,000, this malware is like the Netflix of cybercrime, offering users access to a web panel for customizing attacks. Operating in Europe, it creatively uses MQTT and HTTPS for command-and-control, making it both flexible and resilient.


Hot Take:

Looks like Android users are in for a RAT-race with DroidBot, the malware that’s turned your phone into a double agent. Who knew that even malware was getting into the subscription service game? Move over Netflix, there’s a new player in town!

Key Points:

  • DroidBot is a newly discovered Android remote access trojan (RAT) targeting banking institutions, cryptocurrency exchanges, and national organizations.
  • It combines hidden VNC, overlay attack techniques, keylogging, and user interface monitoring.
  • Operates on a malware-as-a-service (MaaS) model for $3,000 per month.
  • Primarily seen in European countries, disguising itself as security apps or banking apps.
  • Utilizes MQTT for outbound data and HTTPS for inbound commands.
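For defenders, the MQTT channel noted above is a useful hunting signal on mobile and BYOD network segments, where MQTT is often unexpected. The following is an added example, not code from the original page or from any DroidBot analysis: it recognises an MQTT CONNECT packet in the first payload bytes of a flow, so MQTT is spotted even on a non-standard port. It assumes the CONNECT is visible in clear text; the flow tuple layout, function names and sample records are hypothetical and constructed.

```python
import struct

MQTT_PORTS = {1883, 8883}  # IANA-registered MQTT ports (8883 = MQTT over TLS)

def parse_mqtt_connect(payload: bytes):
    """Return CONNECT header fields if payload opens an MQTT session, else None."""
    if len(payload) < 2 or payload[0] != 0x10:  # type 1 (CONNECT), flag bits 0
        return None
    # Remaining Length: 1-4 bytes, 7 data bits each, high bit means "more follows"
    remaining, shift, i = 0, 0, 1
    while True:
        if i >= len(payload) or i > 4:
            return None
        byte = payload[i]
        remaining |= (byte & 0x7F) << shift
        shift, i = shift + 7, i + 1
        if not byte & 0x80:
            break
    body = payload[i:i + remaining]
    name_len = int.from_bytes(body[:2], "big")
    name = body[2:2 + name_len]  # "MQTT" (v3.1.1/v5) or "MQIsdp" (v3.1)
    if name not in (b"MQTT", b"MQIsdp") or len(body) < 2 + name_len + 4:
        return None
    level, flags, keepalive = struct.unpack_from(">BBH", body, 2 + name_len)
    return {"protocol": name.decode(), "level": level, "keepalive": keepalive,
            "has_username": bool(flags & 0x80), "has_password": bool(flags & 0x40)}

def flag_mqtt_flows(flows):
    """flows: iterable of (src, dst, dport, first_payload_bytes) tuples."""
    hits = []
    for src, dst, dport, payload in flows:
        info = parse_mqtt_connect(payload)
        if info:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "nonstandard_port": dport not in MQTT_PORTS, **info})
    return hits

# Constructed MQTT 3.1.1 CONNECT: keepalive 60 s, client id, username, password
_BODY = b"\x00\x04MQTT\x04\xc2\x00\x3c\x00\x05phone\x00\x01u\x00\x01p"
SAMPLE_CONNECT = b"\x10" + bytes([len(_BODY)]) + _BODY
# Constructed flow records (private/documentation addresses), not real telemetry
SAMPLE_FLOWS = [
    ("10.20.0.15", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01"),  # TLS hello
    ("10.20.0.15", "203.0.113.9", 8443, SAMPLE_CONNECT),
    ("10.20.0.22", "198.51.100.7", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print(flag_mqtt_flows(SAMPLE_FLOWS))
```

MQTT wrapped in TLS will not match this payload check, so pair it with destination-port and broker-hostname telemetry from DNS or proxy logs.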

The Nimble Nerd